Bug 1947844
| Summary: | Ugly stderr output when 'dnf repoquery' executed by non-root | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Pavel Raiskup <praiskup> |
| Component: | subscription-manager | Assignee: | mhorky |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 34 | CC: | alikins, awood, bkearney, csnyder, mhorky, ptoscano, redakkan, wpoteat |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | subscription-manager-1.29.18-1.fc34 subscription-manager-1.29.18-1.fc33 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-08-08 01:04:02 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
We run DNF non-privleged in prunerepo script: https://pagure.io/prunerepo There are different possibilities to do in case of running dnf with the subscription-manager plugin when run as non-root user: a) disable logging of (permissions?) errors/etc b) log to a file somewhere in $HOME -- like in $XDG_CACHE_HOME ($HOME/.cache by default) c) log to a file in the user cache directory of dnf -- e.g. /var/tmp/dnf-$USER-$RANDOM_8_CHARS In case of (b) and (c), the log file would still fill with messages about root-only files (like /etc/pki/consumer/cert.pem mentioned above) being not accessibile. Making subcription-manager partially usable as user is a bigger, and separate task, though. Personally I think (b) and (c) are the only viable options. The messages in (a) might be annoying but they are at least meaningful and afaik accurate. I think (b) will align the best with any future attempts at making subscription-manager usable (even partially) as a non-root user. Thanks for the thoughts! Reproducing the failure:
======================
subscription management server: 3.2.19-1
subscription management rules: 5.41
subscription-manager: 1.28.19-1.el8
# su - test
Last login: Fri Jul 30 07:41:35 EDT 2021 on pts/1
$ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1
2021-07-30 07:43:42,227 [ERROR] dnf:43447:MainThread @logutil.py:221 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr
2021-07-30 07:43:42,229 [ERROR] dnf:43447:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'
Error: Failed to download metadata for repo 'prunerepo_query': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Verifying on :
==============
# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 3.2.19-1
subscription management rules: 5.41
subscription-manager: 1.28.19-1.git.6.c1dd7c3.el8
# su - test
Last login: Fri Jul 30 12:54:55 IDT 2021 on pts/0
$ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1
Error: Failed to download metadata for repo 'prunerepo_query': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
$ tail ~/.cache/rhsm/rhsm.log -n 1
2021-07-30 14:44:45,629 [ERROR] dnf:87159:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'
Based on the above observation preverifying the bug .
FEDORA-2021-6ee21d8f84 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-6ee21d8f84 FEDORA-2021-6ee21d8f84 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-bf6554d095 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. |
On a subscription-manager registered Fedora box, I run: $ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1 2021-04-09 13:43:09,027 [ERROR] dnf:964596:MainThread @logutil.py:200 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr 2021-04-09 13:43:09,084 [WARNING] dnf:964596:MainThread @logutil.py:154 - logging already initialized 2021-04-09 13:43:09,084 [ERROR] dnf:964596:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem' dummy-pkg-20210407_1217-1.fc34.x86_64.rpm The error messages are not related to the `--repo` we are querying, and it shouldn't be printed out. This can not be silenced by dnf -q option, nor error level, etc.